I suppose not running Stardust is a start
Is the rootkit on the CD or on your install?

Quote:

SucKIT is a rootkit presented in Phrack issue 58, article 0x07 ("Linux on-the-fly kernel patching without LKM", by sd & devik). This is a fully working rootkit that is loaded through /dev/kmem (i.e. it does not need a kernel with support for loadable kernel modules). It provides a password protected remote access connect-back shell initiated by a spoofed packet (bypassing most of firewall configurations), and can hide processes, files and connections.

By run it on Stardust do you mean that you pointed chkrootkit to the Stardust Puppy .iso file and it looked through it

or

have you installed Stardust Puppy in full install or frugal install or on DVD as a live user session and then activated the chkrootkit on Stardust Puppy?

Which other linux do you have installed now?

A rootkit is on the first sectors in root. Does that not mean it could have been there before you downloaded Star Dust?

I mean did you run chkrootkit on your machine before you downloaded the iso and which iso was it.

There are Stardust from 001 to 012, so there are very many isos to choose from to test?

Quote:

There are inherent limitations to the reliability of any program that attempts to detect compromises (such as rootkits and computer viruses). Newer rootkits may specifically attempt to detect and compromise copies of the chkrootkit programs or take other measures to evade detection by them.[1]

so if that is how you did it you have a CD or DVD and there executed chkrootkit and it looked through your HD with Stardust on it?

_________________
I use Google Search on Puppy Forum
not an ideal solution though

'Why so serious' [Joker as played by the late Heath Ledger]
Somebody has said what a malware detector is reporting
We need to move from a position of ignorance to what and why this is happening.
. . . that is fun . . .

but as a newbie the solutions that were suggested were too technical to be followed by me at least. If any of you could use them maybe you can explain how one does it step by step?

Both root kit checking programs have README files with them that tell you how to use them.
And neither one has to be installed to use them as per the README files.
I tried both, so I am speaking from experience.

I tested a third one that column writers did recommend at geek com something.

Rootkit Revealer, and it ran for some 30 minutes or more and finally told me it had found some 409000 things that were not what it expected. I tried to look through them but had not knowledge enough to get what it was all about.

I maybe try the one named Gmer too and the Chroot one .

But seems one have to know much to have any usage of them.

For experts?

When I ran the check root programs, it displayed a number of warnings on files. I do believe they were there because of Puppy's use of system links and scripts used to call some executables.
Since it is looking for an executable and finds a link or a script, it kicks back a warning.
Does that make sense?

Busybox is basically a bunch of programs combined into one very small package. So things that chkrootkit does not expect to see in, for example, 'echo', are there because of the other programs that busybox mimics.

_________________Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib
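A triage step for the warnings described in the post above, as an added example that is not from the thread: for each path chkrootkit complained about, it reports whether the path is a symlink to busybox, some other symlink, a shell script or a real binary, so a Puppy-style false positive can be told apart from a replaced file. The function names and the sample tree it builds are constructed for this example.

```shell
#!/bin/sh
# Added triage helper (not from the thread). It does not replace
# chkrootkit; it only explains why a flagged path may look "wrong".

# classify_path PATH -> prints one of:
#   missing | symlink->busybox:<target> | symlink:<target> | script | binary
classify_path() {
    p="$1"
    # Neither a file nor a (possibly dangling) symlink exists at this path
    if [ ! -e "$p" ] && [ ! -L "$p" ]; then
        echo "missing"; return 0
    fi
    if [ -L "$p" ]; then
        target=$(readlink "$p")
        case "$(basename "$target")" in
            busybox) echo "symlink->busybox:$target" ;;   # busybox applet
            *)       echo "symlink:$target" ;;
        esac
        return 0
    fi
    # A wrapper script starts with "#!"; a compiled binary does not
    if [ "$(head -c 2 "$p" 2>/dev/null)" = "#!" ]; then
        echo "script"
    else
        echo "binary"
    fi
}

# triage_report FILE -> one "<path><TAB><classification>" line per path in FILE
triage_report() {
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        printf '%s\t%s\n' "$path" "$(classify_path "$path")"
    done < "$1"
}

# Constructed sample tree mimicking a Puppy-style layout (not a real system)
make_sample_tree() {
    d=$(mktemp -d)
    printf '#!/bin/sh\necho fake busybox\n' > "$d/busybox"
    chmod +x "$d/busybox"
    ln -s "$d/busybox" "$d/echo"                    # applet symlink
    printf '#!/bin/sh\nexec /bin/ls "$@"\n' > "$d/ls"  # wrapper script
    printf '\177ELF' > "$d/login"                    # stands in for a compiled binary
    echo "$d"
}

# Example run over the constructed tree
d=$(make_sample_tree)
printf '%s\n' "$d/echo" "$d/ls" "$d/login" "$d/nonexistent" > "$d/suspect.txt"
triage_report "$d/suspect.txt"
```

Feed it the list of paths from the chkrootkit output and look only at the entries that come back as `binary` or as symlinks to something other than busybox.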
